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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 12/12/08 appealing from the Office action mailed 
5/27/08. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the Supplemental Appeal Brief filed 
on 12/12/08 is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,134,550 VanOorschot 10-2000 
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(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

2. Claims 1-30 are rejected under 35 U.S.C. 102(b) as being anticipated by Van Oorschot et 
al. U.S. Pat. No. 6134550 (hereinafter VO). 

3. As per claim 1, VO discloses a method for processing digital certificates within a data 
processing system, the method comprising: determining a set of trust relations between a set of 
certificate authorities (CAs) in a trust web (VO: column 4 lines 57-63); representing the set of 
trust relations in an adjacency matrix, wherein a cell in the adjacency matrix corresponds to a 
pair of certificate authorities (VO: column 4 lines 59-63 and figures 7a and 7b); performing a 
transitive closure computation on the adjacency matrix to generate a set of inter-CA trust path 
indicators that represent whether a trust path exists between a pair of certificate authorities (VO: 
column 4 lines 52-57); and performing an all-pairs-shortest-paths computation on the adjacency 
matrix to generate multiple sets of shortest trust paths between the certificate authorities (VO: 
column 4 lines 52-57). 
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4. As per claim 2, VO discloses the method of claim 1. VO further discloses initiating a 
secure communication with a requester; receiving a digital certificate for the requester; and 
validating the digital certificate in accordance with an inter-CA trust path indicator and/or a 
shortest trust path (VO: column 5 lines 14-25). 

5. As per claim 3, VO discloses the method of claim 2. VO further discloses wherein the 
digital certificate is formatted according to X.509 standards (VO: figure 3 and column 6 line 22). 

6. As per claim 4-9, claims 4-9 encompass the same scope as claims 1-3. Therefore, claims 
4-9 are rejected based on the same reasons set forth above in rejecting claims 1-3. 

7. As per claim 10, VO discloses a method for operating certificate authorities within a data 
processing system, the method comprising: establishing at a first certificate authority (CA) a trust 
relation with a second certificate authority (VO: column 5 lines 16-24); and sending a trust 
relation update message to a central trust web agent, wherein the central trust web agent 
processes trust relation information for a set of certificate authorities within a trust web (VO: 
column 5 lines 53-61 and column 6 lines 1-1 1). 

8. As per claim 11, VO discloses the method of claim 10. VO further discloses receiving at 
the first certificate authority from the central trust web agent a set of inter-CA trust path 
indicators that represent whether a trust path exists between the first certificate authority and 
other certificate authorities in the trust web (VO: column 9 lines 45-47); and receiving at the first 
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certificate authority from the central trust web agent a set of shortest trust paths between the first 
certificate authority and other certificate authorities in the trust web (VO: column 5 lines 62-67). 

9. As per claim 12, VO discloses the method of 1 1 . VO further discloses initiating a secure 
communication with a requester (VO: column 5 lines 14-25); receiving a digital certificate for 
the requester; and validating the digital certificate in accordance with an inter-CA trust path 
indicator and/or a shortest trust path (VO: column 1 1 line 61 - column 12 line 14). 

10. As per claim 13, VO discloses the method of claim 12. VO further discloses wherein the 
digital certificate is formatted according to X.509 standards (VO: figure 3 and column 6 line 22). 

11. As per claim 14-21, claims 14-21 encompass the same scope as claims 10-13. Therefore, 
claims 14-21 are rejected based on the same reasons set forth above in rejecting claims 10-13. 

12. As per claim 22, VO discloses a method for operating certificate authorities within a data 
processing system, the method comprising: receiving at a central trust web agent from a 
certificate authority (CA) a trust relation update message, wherein the central trust web agent 
processes trust relation information for a set of certificate authorities within a trust web, and 
wherein the trust relation update message indicates a change in a set of trust relations for the 
certificate authority (VO: column 5 lines 54-57 and column 7 line 62 - column 8 line 13); and 
modifying a set of trust relations for the set of certificate authorities within the trust web based 
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on an indicated request in the trust relation update message (VO: column 5 lines 54-57 and 
column 7 line 62 - column 8 line 13). 

13. As per claim 23, VO discloses the method of claim 22. VO further discloses sending to 
the certificate authority from the central trust web agent a set of inter-CA trust path indicators 
that represent whether a trust path exists between the certificate authority and other certificate 
authorities in the trust web (VO: column 9 lines 45-47); and sending to the certificate authority 
from the central trust web agent a set of shortest trust paths between the certificate authority and 
other certificate authorities in the trust web (VO: column 5 lines 62-67). 

14. As per claim 24, VO discloses the method of claim 22. VO further discloses representing 
the set of trust relations in an adjacency matrix, wherein a cell in the adjacency matrix 
corresponds to a pair of certificate authorities (VO: column 4 lines 59-63 and figures 7a and 7b); 
performing a transitive closure computation on the adjacency matrix to generate a set of inter-CA 
trust path indicators that represent whether a trust path exists between a pair of certificate 
authorities (VO: column 4 lines 52-57); and performing an all-pairs-shortest-paths computation 
on the adjacency matrix to generate multiple sets of shortest trust paths between the certificate 
authorities (VO: column 4 lines 52-57). 

15. As per claim 25-30, claims 25-30 encompass the same scope as claims 22-24. Therefore, 
claims 25-30 are rejected based on the same reasons set forth above in rejecting claims 22-24. 
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(10) Response to Argument 

A. The "Transitive Closure Computation" Requirement Variously Recited in Claims 

1-9, 24, 27, and 30 Is Not Anticipated by Qorschot 

Appellant argues that the prior art of record (Van Oorschot, hereinafter VO) does not 
explicitly disclose "transitive closure computation" that "transitive closure computation" is 
different from "shortest trusted path". Furthermore, Appellant states that the examiner's latest 
rejection analysis in Advisory Action (mailed on 8/4/08) to cite different passages from VO 
appears to be improperly driven in hindsight by Appellant's explanation. 

In response to Appellant's argument that the prior art fails to disclose "transitive closure 
computation" and differentiate "transitive closure computation" from "shortest trusted path", VO 
discloses compilation of certificate chain data to generate a table of trust relationships among the 
certificate issuing units (VO: column 4 lines 52-62 and figure 7a; column 10 lines 59-62: the 
intermediate level chain data) and the compilation of certificate chain data is different from the 
shortest-path computation (VO: column 4 lines 65-67 and figure 7b; column 1 1 lines 24-26: the 
shortest path table is the high level certificate chain data) in which the compilation of certificate 
chain data takes place before the shortest-path computation to ensure validity of path. 

In response to Appellant's argument that rejection of the claims is based on hindsight 
reasoning. The examiner disagrees. The examiner rejected the claims under 35 U.S.C 102 to 
show that the the table of trust relationships (transitive disclosure computation) is intermediate 
level chain data while the shortestes path table (shortest path computation) is high level 
certificate chain data derived from the intermediate level chain data. Therefore, argument of 
highsight reasoning that does not apply in this case. 
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B. The Requirement That A Certificate Authority Send "A Trust Relation Update 
Message To A Central Trust Web Agent " Variously Recited In Claims 10-30 Is Not 
Anticipated by Oorschot 

Regarding Appellant's argument, Appellant argues that VO does not explicitly disclose 
"sending a trust relation update message to a central trust web agent". However, the examiner 
disagrees. According to figure 3 of VO, a distributed central web agent interacts with plurality of 
certificate authorities to compile certificate chain data to establish trust between CAs, and the 
CAs respectively provide certificate chain information to the central web agent for compilation 
and periodically provide update or revocation list to the central agent in order to establish the up- 
to-date certificate chain data (VO: column 5 lines 53-60: certificate authority trust data may 
include cross-certification data, revocation data.. .the data is periodically updated as needed). 

The purpose of the cross-certification data, revocation data are well known data used to 
update the trust relations between the entities, by providing these data, the central web agent is 
able to modify the table of trusted path/a set of trust relations based on the update messages. 
Therefore, Appellant's argument that the prior art nor the Final Office Action explain how 
Oorschot discloses the limitation is traversed based on the reason provided. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 
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For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
/Shin-Hon Chen/ 
Shin-Hon Chen 
Examiner, Art Unit 243 1 

Conferees: 

/Christopher A. Revak/ 
Primary Examiner, Art Unit 243 1 



/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



